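/**
 * Check a username/password pair against the users table and, when the
 * password matches the stored hash, mark the response successful and create
 * a logged-in session.
 *
 * Every path ends in $rsp->respondAndExit(). That method is defined elsewhere;
 * this function relies on it ending the request, because nothing after the
 * early calls is safe to run otherwise.
 *
 * The same "Invalid username or password." text is sent for an unknown user
 * and for a wrong password, so the reply body does not reveal which accounts
 * exist. The unknown-user path also performs one password hash so that its
 * response time is closer to the wrong-password path.
 *
 * @param mixed $unm Username as received from the client (untrusted).
 * @param mixed $pwd Plain-text password as received from the client (untrusted).
 */
function validateAndCreateSession($unm, $pwd)
{
    // Default reply is the generic failure; it is only upgraded after a
    // successful password_verify().
    $rsp = new JsonResponse_Str("Invalid username or password.");

    // Arrays, objects and null cannot be credentials. Rejecting them here keeps
    // them away from the query binding and from password_verify(), which would
    // otherwise warn or throw instead of producing the generic failure.
    if (!is_scalar($unm) || !is_scalar($pwd)) {
        $rsp->respondAndExit();
    }

    // Look the user up with a bound parameter (never string-built SQL).
    $conn = getDatabaseConnection();
    $statement = $conn->prepare(
        'SELECT hashedpw FROM users WHERE username = :username',
        array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)
    );
    $statement->execute(array(':username' => $unm));
    $wps = $statement->fetchAll();

    // Done with the DB part here, disconnect.
    $conn = null;

    if (count($wps) === 0) {
        // Unknown user: burn roughly one hash computation before answering so
        // this path is not trivially faster than the wrong-password path.
        // Approximate only - stored hashes may use a different algorithm or
        // cost than PASSWORD_DEFAULT. The input is a fixed string, not $pwd.
        password_hash('timing-equaliser-not-a-credential', PASSWORD_DEFAULT);
        $rsp->respondAndExit();
    }

    // Stored hash of the first matching row (uniqueness of username is not
    // checked here; presumably enforced by the schema - verify).
    $phash = $wps[0][0];

    // A NULL or non-string hash column must fail closed rather than reach
    // password_verify().
    if (is_string($phash) && password_verify($pwd, $phash)) {
        $rsp->setSuccessful();
        $rsp->specificString = $unm; // Put user name in specific string

        // NOTE(review): createLogInSession() is defined elsewhere and receives
        // the password hash. Confirm the hash never ends up in client-visible
        // data and that the session id is regenerated at login.
        createLogInSession($unm, $phash);
    }

    $rsp->respondAndExit();
}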
/**
 * Create a new trip row for the currently logged-in user and remember it in
 * the session.
 *
 * Resolves the session user name to a user id, inserts an empty-notes trip
 * for that id, stores the new trip id and a zero point index in $_SESSION,
 * then replies with the trip id. Every path ends in respondAndExit(), which
 * is defined elsewhere.
 */
function startTrippin()
{
    // Pessimistic default; flipped to success only at the very end.
    $reply = new JsonResponse_Str("Problem starting trip.");

    // The route middleware is stated to guarantee a logged-in user here.
    $sessionUser = getSessionUserName();

    $db = getDatabaseConnection();

    // Resolve the user name to its numeric id via a bound parameter.
    $lookup = $db->prepare(
        'SELECT id FROM users WHERE username = :username',
        [PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY]
    );
    $lookup->execute([':username' => $sessionUser]);
    $matches = $lookup->fetchAll();

    // Session names a user that is not in the table: report and stop.
    // NOTE(review): this internal diagnostic text is sent to the client.
    if (count($matches) === 0) {
        $reply->errMessage = "No users returned with uname!";
        $reply->respondAndExit();
    }

    $userId = $matches[0][0];

    // Insert the trip for that user with empty notes for now.
    $insert = $db->prepare('INSERT INTO trips (user, notes) VALUES(:userid, :nonotes)');
    $insert->execute([':userid' => $userId, ':nonotes' => '']);

    // Keep the authoritative trip id server-side, with the point index at zero.
    $tripId = $db->lastInsertId();
    $_SESSION["tripid"] = $tripId;
    $_SESSION["triporderindex"] = 0;

    // Disconnect from db.
    $db = null;

    /* The trip id is echoed back for diagnostics only. Later requests must
     * use the $_SESSION copy and never a trip id supplied by the client. */
    $reply->specificString = $tripId;
    $reply->setSuccessful();
    $reply->respondAndExit();
}
<?php
// Minimal smoke-test script: builds a successful "Hello world!" response and
// sends it. JsonResponse_Str is presumably provided by utils.php - verify.
// NOTE(review): confirm this diagnostic script is not reachable in production.
require_once 'utils.php';

$helloReply = new JsonResponse_Str("Hello world!");
$helloReply->setSuccessful();
$helloReply->respondAndExit();